topic pix515 multiple interface configuration in Network Security https://community.cisco.com/t5/network-security/pix515-multiple-interface-configuration/m-p/683977#M1054617 <P>Hi, actually i have this scenario:pix 515e version 6.2(2) with on board</P><P>6 interfaces but now configure with 3 interfaces (in this mode):</P><P></P><P>INTERNET ROUTER (ETH 172.17.10.1)</P><P> I</P><P> I</P><P> I</P><P> I(OUTSIDE - 172.17.10.2)</P><P> PIX -INTF2--.2--------------(172.17.12.0/29)--------.3(PARTNER)</P><P> INSIDE (172.17.8.1/23)</P><P> I</P><P> I</P><P> I</P><P> I</P><P>MY LAN</P><P></P><P>then 3 interfaces configuration without NAT.</P><P>there are the static routes:</P><P>route outside 0.0.0.0 0.0.0.0 172.17.10.1 1 route intf2 192.168.54.209 255.255.255.255 172.17.12.3 1 route intf2 192.168.129.0 255.255.255.0 172.17.12.3 1 route intf2 192.168.131.0 255.255.255.0 172.17.12.3 1 route intf2 192.168.134.0 255.255.255.0 172.17.12.3 1</P><P></P><P>traffic outcomes from my default gateway coming out from 172.17.10.1, traffic out/in from /to network 192.168.x.x/16 is forwarded from intf2 this scenario works well.</P><P>but tomorrow i must add new two routers on 2 new interfaces and i would have this new scenario:</P><P></P><P> ISP ROUTER (.3 ) ISP ROUTER (.1)</P><P> \ I</P><P> 172.17.14.0/30 \ I 172.17.10.0/30</P><P> \ I</P><P> INTF3(.2) \ I(OUTSIDE - .2)</P><P>(PARTNER)(.3)(172.17.13.0/29)INTF5(.2)PIX-INTF2(.2)(172.17.12.0/29)(.3)(PARTNER)</P><P> INSIDE (172.17.8.1/23)</P><P> I</P><P> I</P><P> I</P><P> I</P><P> I</P><P> MY LAN</P><P></P><P></P><P>and this would have to be future situation:</P><P>the traffic that outcomes from 172.17.8.1/25 coming out from</P><P>172.17.10.1</P><P>the traffic that outcomes from 172.17.8.128/25 coming out from a new interface 172.17.14.3 except traffic out/in from 192.168.0.0/16 coming out from 172.17.12.3 traffic that outcomes from 172.17.9.1/25 coming out from interface</P><P>172.17.14.3 except traffic out/in 192.168.0.0/16 coming out from</P><P>172.17.13.3</P><P>traffic outcomes from 172.17.9.128/25 coming out from 172.17.10.1</P><P></P><P>is it possible this scenario?</P><P>can you help me with this configuration?obbligatory i use NAT?</P><P></P><P>sorry for my bad english...</P><P>thanks in advance</P><P></P><P>Matt</P> Fri, 21 Feb 2020 09:19:01 GMT teteja1974 2020-02-21T09:19:01Z pix515 multiple interface configuration https://community.cisco.com/t5/network-security/pix515-multiple-interface-configuration/m-p/683977#M1054617 <P>Hi, actually i have this scenario:pix 515e version 6.2(2) with on board</P><P>6 interfaces but now configure with 3 interfaces (in this mode):</P><P></P><P>INTERNET ROUTER (ETH 172.17.10.1)</P><P> I</P><P> I</P><P> I</P><P> I(OUTSIDE - 172.17.10.2)</P><P> PIX -INTF2--.2--------------(172.17.12.0/29)--------.3(PARTNER)</P><P> INSIDE (172.17.8.1/23)</P><P> I</P><P> I</P><P> I</P><P> I</P><P>MY LAN</P><P></P><P>then 3 interfaces configuration without NAT.</P><P>there are the static routes:</P><P>route outside 0.0.0.0 0.0.0.0 172.17.10.1 1 route intf2 192.168.54.209 255.255.255.255 172.17.12.3 1 route intf2 192.168.129.0 255.255.255.0 172.17.12.3 1 route intf2 192.168.131.0 255.255.255.0 172.17.12.3 1 route intf2 192.168.134.0 255.255.255.0 172.17.12.3 1</P><P></P><P>traffic outcomes from my default gateway coming out from 172.17.10.1, traffic out/in from /to network 192.168.x.x/16 is forwarded from intf2 this scenario works well.</P><P>but tomorrow i must add new two routers on 2 new interfaces and i would have this new scenario:</P><P></P><P> ISP ROUTER (.3 ) ISP ROUTER (.1)</P><P> \ I</P><P> 172.17.14.0/30 \ I 172.17.10.0/30</P><P> \ I</P><P> INTF3(.2) \ I(OUTSIDE - .2)</P><P>(PARTNER)(.3)(172.17.13.0/29)INTF5(.2)PIX-INTF2(.2)(172.17.12.0/29)(.3)(PARTNER)</P><P> INSIDE (172.17.8.1/23)</P><P> I</P><P> I</P><P> I</P><P> I</P><P> I</P><P> MY LAN</P><P></P><P></P><P>and this would have to be future situation:</P><P>the traffic that outcomes from 172.17.8.1/25 coming out from</P><P>172.17.10.1</P><P>the traffic that outcomes from 172.17.8.128/25 coming out from a new interface 172.17.14.3 except traffic out/in from 192.168.0.0/16 coming out from 172.17.12.3 traffic that outcomes from 172.17.9.1/25 coming out from interface</P><P>172.17.14.3 except traffic out/in 192.168.0.0/16 coming out from</P><P>172.17.13.3</P><P>traffic outcomes from 172.17.9.128/25 coming out from 172.17.10.1</P><P></P><P>is it possible this scenario?</P><P>can you help me with this configuration?obbligatory i use NAT?</P><P></P><P>sorry for my bad english...</P><P>thanks in advance</P><P></P><P>Matt</P> Fri, 21 Feb 2020 09:19:01 GMT https://community.cisco.com/t5/network-security/pix515-multiple-interface-configuration/m-p/683977#M1054617 teteja1974 2020-02-21T09:19:01Z Re: pix515 multiple interface configuration https://community.cisco.com/t5/network-security/pix515-multiple-interface-configuration/m-p/683978#M1054619 <HTML><HEAD></HEAD><BODY><P>Try these links:</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00804619d8.shtml" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00804619d8.shtml</A></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094763.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094763.shtml</A></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094769.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094769.shtml</A></P><P></P></BODY></HTML> Fri, 24 Nov 2006 17:46:47 GMT https://community.cisco.com/t5/network-security/pix515-multiple-interface-configuration/m-p/683978#M1054619 bbaley 2006-11-24T17:46:47Z